Re: ASA 5505 transparent firewall with websense integration..

Matthew Needs · ‎04-28-2011

Hi All,

I'm looking for some advice on integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic.

Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.

The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.

What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.

Many thanks

barry · ‎04-28-2011

Hi Matthew

A few points here:

1. The CSC module runs a version of Trend Micros engine, and doesn't support Websense.

2. The ASA can, via a service policy, relay traffic through an external Websense server which would need to be built as a separate server.

3. In transparent mode, the ASA only supports two interfaces which are effectively paired together as a layer 2 team (in and out). I think this means that you are going to struggle with your set up as you need two sets of two interfaces to keep your networks separate.

4. The only thing I could think of to assist with (3) would be to run 2 x contexts on the ASA. This would allow you to run 2 x transparent firewalls however from memory you need a 5510 to run contexts,

Barry